From 1540f24e9247a7418449b43aa45068afca1f76ed Mon Sep 17 00:00:00 2001
From: Juan Lang
Date: Thu, 30 Aug 2007 17:55:43 -0700
Subject: [PATCH] crypt32: Don't fail chain creation if root isn't self-signed.

---
 dlls/crypt32/chain.c       | 42 ++++++++++++++++++++------------------
 dlls/crypt32/tests/chain.c |  3 +--
 2 files changed, 23 insertions(+), 22 deletions(-)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index 1372ad8cffa..658b7c7881d 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -339,6 +339,26 @@ static void CRYPT_FreeSimpleChain(PCERT_SIMPLE_CHAIN chain)
     CryptMemFree(chain);
 }
 
+static void CRYPT_CheckTrustedStatus(HCERTSTORE hRoot,
+ PCERT_CHAIN_ELEMENT rootElement)
+{
+    BYTE hash[20];
+    DWORD size = sizeof(hash);
+    CRYPT_HASH_BLOB blob = { sizeof(hash), hash };
+    PCCERT_CONTEXT trustedRoot;
+
+    CertGetCertificateContextProperty(rootElement->pCertContext,
+     CERT_HASH_PROP_ID, hash, &size);
+    trustedRoot = CertFindCertificateInStore(hRoot,
+     rootElement->pCertContext->dwCertEncodingType, 0, CERT_FIND_SHA1_HASH,
+     &blob, NULL);
+    if (!trustedRoot)
+        rootElement->TrustStatus.dwErrorStatus |=
+         CERT_TRUST_IS_UNTRUSTED_ROOT;
+    else
+        CertFreeCertificateContext(trustedRoot);
+}
+
 static BOOL CRYPT_BuildSimpleChain(HCERTCHAINENGINE hChainEngine,
  PCCERT_CONTEXT cert, LPFILETIME pTime, HCERTSTORE hAdditionalStore,
  PCERT_SIMPLE_CHAIN *ppChain)
@@ -387,9 +407,7 @@ static BOOL CRYPT_BuildSimpleChain(HCERTCHAINENGINE hChainEngine,
          chain->rgpElement[chain->cElement - 1];
         PCCERT_CONTEXT root = rootElement->pCertContext;
 
-        if (!(ret = CRYPT_IsCertificateSelfSigned(root)))
-            TRACE("Last certificate is not self-signed\n");
-        else
+        if (CRYPT_IsCertificateSelfSigned(root))
         {
             rootElement->TrustStatus.dwInfoStatus |=
              CERT_TRUST_IS_SELF_SIGNED;
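Review bot: The return value of CertGetCertificateContextProperty in the new CRYPT_CheckTrustedStatus is discarded, so if the CERT_HASH_PROP_ID query fails (property not available, or the 20-byte buffer is not the size the property needs) `hash` is left uninitialized and CertFindCertificateInStore is asked to match the root store against indeterminate bytes. For a trust decision that is the wrong way to fail; the helper should set CERT_TRUST_IS_UNTRUSTED_ROOT and return when no thumbprint can be obtained. The call was already unchecked in the code this commit moves out of CRYPT_BuildSimpleChain (second hunk), so this is pre-existing, but the refactor is the natural place to fix it, and naming the 20 in `BYTE hash[20]` (it is the SHA-1 digest size that CERT_FIND_SHA1_HASH expects) would make the buffer's contract visible. Dropping the `ret =` assignment in the second part of the hunk is fine only if `ret` is initialized elsewhere in CRYPT_BuildSimpleChain, whose body starts and ends outside the hunk.
```c
static void CRYPT_CheckTrustedStatus(HCERTSTORE hRoot,
 PCERT_CHAIN_ELEMENT rootElement)
{
    /* … unchanged: hash, size, blob, trustedRoot locals … */
    if (!CertGetCertificateContextProperty(rootElement->pCertContext,
     CERT_HASH_PROP_ID, hash, &size))
    {
        /* no thumbprint to look up: fail closed instead of matching
         * uninitialized bytes against the root store */
        rootElement->TrustStatus.dwErrorStatus |=
         CERT_TRUST_IS_UNTRUSTED_ROOT;
        return;
    }
    /* … unchanged: CertFindCertificateInStore lookup and release … */
}
```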
@@ -402,23 +420,7 @@ static BOOL CRYPT_BuildSimpleChain(HCERTCHAINENGINE hChainEngine,
                 rootElement->TrustStatus.dwErrorStatus |=
                  CERT_TRUST_IS_NOT_SIGNATURE_VALID;
             }
-        }
-        if (CRYPT_IsCertificateSelfSigned(root))
-        {
-            BYTE hash[20];
-            DWORD size = sizeof(hash);
-            CRYPT_HASH_BLOB blob = { sizeof(hash), hash };
-            PCCERT_CONTEXT trustedRoot;
-
-            CertGetCertificateContextProperty(root, CERT_HASH_PROP_ID, hash,
-             &size);
-            trustedRoot = CertFindCertificateInStore(engine->hRoot,
-             root->dwCertEncodingType, 0, CERT_FIND_SHA1_HASH, &blob, NULL);
-            if (!trustedRoot)
-                rootElement->TrustStatus.dwErrorStatus |=
-                 CERT_TRUST_IS_UNTRUSTED_ROOT;
-            else
-                CertFreeCertificateContext(trustedRoot);
+            CRYPT_CheckTrustedStatus(engine->hRoot, rootElement);
         }
         chain->TrustStatus.dwErrorStatus |=
          rootElement->TrustStatus.dwErrorStatus;
diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c
index 2d42ccbbcb2..3ec4dbabb1f 100644
--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c
@@ -1529,13 +1529,12 @@ static ChainCheck chainCheck[] = {
        CERT_TRUST_IS_NOT_TIME_VALID, 0 }, 1, simpleStatus8 },
      TODO_ERROR | TODO_INFO },
-    /* This (cyclic) chain fails in Wine */
     { { sizeof(chain9) / sizeof(chain9[0]), chain9 },
       { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
         { CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT |
           CERT_TRUST_INVALID_BASIC_CONSTRAINTS | CERT_TRUST_IS_CYCLIC, 0 },
         1, simpleStatus9 },
-      TODO_CHAIN | TODO_ERROR | TODO_INFO },
+      TODO_ERROR | TODO_INFO },
     { { sizeof(chain10) / sizeof(chain10[0]), chain10 },
       { { 0, CERT_TRUST_HAS_PREFERRED_ISSUER },
         { CERT_TRUST_IS_UNTRUSTED_ROOT, 0 }, 1, simpleStatus10 },
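Review bot: With the old else branch gone, a chain whose terminal certificate is not self-signed now leaves this block with no error bit set on rootElement, and the two context lines after the closing brace propagate that clean dwErrorStatus into chain->TrustStatus. Unless CRYPT_BuildSimpleChain (which starts and ends outside this hunk) marks the incomplete chain somewhere else, a chain that merely stops at an unknown intermediate would report the same error status as one anchored in engine->hRoot, which is the opposite of failing closed; the conservative fix is an else on the self-signed test, `else rootElement->TrustStatus.dwErrorStatus |= CERT_TRUST_IS_PARTIAL_CHAIN;`, so callers that stop accepting on any error bit still reject it. A one-line comment above the new call, `/* only a self-signed terminal cert can be matched against the root store */`, would also record why the trust lookup is now scoped to that branch.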